One person from SysOps look at Keyclock with Kubernetes and Docker
Another person from SysOps look at Kong with Kubernetes and Docker
Proof-of-Concept:
Logging out doesn't work
Software version using Applications/modules/interfaces, Keyclock is in platform complete.
Didn't change code in existing modules.
Has a platform minimal as well.
New feature of Roles-based access controls replacement of permissions/permissionsSets
Okapi doesn't exist, all using Kong, can use
Thoughts?
Use POC to investigate
Any documentation on this specific implementation, how is Kong interacting with FOLIO? Not much documentation available for us to review. We have to figure how to get Kong working, very concerning.
From Jason Root's comment in chat: My biggest concern here is how does one interact with the Kong Gateway API to do system administration tasks like we are familiar with in Okapi? That will likely take a lot of code change and retooling for integrations, and deployment scripts/jobs for upgrading the system.
From Tod Olson comment in chat: On the subject of KeyCloak, it supports both SAML and OIDC. If this means we no longer need to support mod-login-saml and we get more options for authentication, I think this will be a good thing.
Folio-kong doesn't have a README, only the authorization part
Florian Kreft - concern that external scripts integrations are not fully compatible with existing Okapi.
From Tod Olson comment in chat: I believe that these technologies were chosen, at least in part, to meet stricter government security requirements. I'm not certain that's part of Kong, but it is part of KeyCloak and and the work on roles.
Not sure Kong is a drop-in replacement for Okapi
Florian Gleixner - replace open-source with freemium version for Kong? What are the costs? Costs by institution and/or by users? No information about licensing, only if you are willing to talk with Sales. Don't want to bring software that costs millions a year?
Julian Ladisch - Libraries would need to commercial version
Florian Kreft - What is the reasoning for replacing Okapi with Kong?
Okapi's responsibilities have been distributed over multiple technologies Keyclock, Kong, and module side-cars. Tenant endpoint not part of Kong. Kong only a API gateway, doesn't replace all of Okapi.
Not sure where Module sidecars code exists? Maybe in module, sidecars with different images, run next to module, in Kubernetes run along side of modules. Different images run in the same scope, keep original module the same but another container that is directly linked to the module. Inventory and Inventory-storage modules, makes sense to but does these sidecars replace Kafka?
Is there someone to tell use how Kong and other technologies replace Okapi? Keyclock is not a problem, help us to bind identity managements to FOLIO, Kong as a replacement for Okapi, not open-source have to pay for Kong. Direct communication of modules? Not sure that is right way as it closely couples modules together. Maybe combine modules? Module boundaries maybe wrong
Security concerns makes more sense with Keyclock, not certain about Kong.
A non-free okapi replacement would really go against the last o in folio
Keyclock replacement part not as big change as changing to Kong
How to use sidecars if not using Kubernetes? Could still use sidecars when using Docker in the same context.
Need more details on module sidecars? What exactly is the problem that sidecars are solving?
Don't really understand direct module-to-module communication? Sidecar would need HTTP communication forward that to the connect module. Not sure of the purpose?
Need clarification on module sidecars and why Kong is better than Okapi? Considering it is not free and not cheap or open.
Any documentations on why or analysis for these changes?
Not sure we have enough information to assess these changes without more information.
Kong plan Plus: API Requests $34.25 per 1M requests
--
20
WolfCon Planning
All
A few exciting updates to share for WOLFcon 2024:Call for Proposals Now Open:Got ideas about open-source to share? Talk about it at WOLFcon. Submit a presentation, panel, short talk,or pre-conference workshop. The deadline for submissions is March 31, 2024. Submit a sessionhere.Early Bird Registration Now Open:Join us at Senate House, University of London. September 24-26, 2024.Register nowthrough July 31, 2024 for an early bird discounted rate.Learn more about WOLFcon 2024: Want to learn more about the Open Library Foundation and WOLFcon? Be sure tovisit our websitewhere you can learn more about the foundation, members projects, communities, and the annual conference.
Submissions for SysOps presentation, panel, short talk or pre-conference workshop? Have a SysOps session or talk, could be hybrid.
Topics for SysOps?
Next week look at topics before March 31 2024, deadline SysOps for is March 22.
Architectural POC summary?
5
Topics for next meetings
Meet next week to discuss WOLFcon proposals and Architectural POC assessment
Action items
Type your task here, using "@" to assign to a user and "//" to select a due date